Aggregator

作为一只 CS 零基础、信安零基础、CTF 零基础的菜狐狐，苏卡卡今年又来参加 USTC Hackergame 啦！由于一边做题一边总结思路（指写 Write Up），所以苏卡卡应该是第一个发布非官方的 USTC Hackergame 2020 Write Up 的吧（嘿嘿）。 题图来自 USTC Hackergame 2019「Happy LUG」

近日，国家信息安全漏洞库（CNNVD）收到关于Linux kernel 缓冲区错误漏洞(CNNVD-2

个人比较懒，摘抄一段百度百科对于蜜罐的定义，这玩意基本上看标题一眼就能知道是干嘛的蜜罐技术本质上是一种对攻击

My GrayHat Red Team Village talk “Learning by doing: Building and breaking a machine learning system” is now live on YouTube. Check it out: https://www.youtube.com/watch?v=-SV80sIBhqY and smash the Like button! :D Question? I thought of turning the content into a hands-on workshop. Let me know if that would be something that would you would attend? Trying to see if there is interest. Cheers, Johann Twitter: @wunderwuzzi23

The sheer scale of cybercrime attacks makes automated defenses a necessity. Shape's Shuman Ghosemajumder writes for VentureBeat, describing how the bad guys are also embracing automation, and what we can do about it.

我的职业生涯恰好覆盖了整个安全届的角色划分：甲方、监管和乙方。如果用一句话来总结，那么甲方学到“安全是为业务服务的”、监管方学到“技术是达成目标的一种手段”、乙方学到“打铁必须自身硬”。目前还远没到享受时候，持续奋斗会贯穿未来工作的始终。

Three years ago, I graduated with a bachelor's degree in Electronic Engineering (Mechatronic) from University Tun Hussein Onn Malaysia. I was to be an engineer in the oil and gas industry - but the universe had a better plan for me. Instead, I stepped into IT, providing Technical Support despite my lack of knowledge. I was struggling! But it was there that I found my passion.

本报告部分引自Week in OSINT栏目，每周推荐好玩实用的工具，站点，技巧，文章等，适用于任何领域的研究人员，分析测试人员。

Cybersecurity regulators have recently levied huge fines against financial institutions and healthcare organizations. Is this the new normal?

老婆大人给我买的 MacBook Pro ，才200多循环电池最大余量就只剩下60%多了（说好能经受 1000 次折腾呢），查了一下相关资料感觉最近几年 MBP 的质量基本上都是在下滑，尤其是电...

This post walk though how I pwned the machine “Unbalanced” on Hack The Box.

由企业外网到内的攻击入侵问题可以用点面线问题来进行概述，本文讲解该问题。

在指定的时间窗口内进行扫描的时候，我们经常会希望扫描能在预定时间内完成。但是在某些环境中（比如网络限制等），设备可能出现无响应或者无法及时响应的情况。因此，扫描无法在既定时间窗口内完成。

关于Nexpose扫描效率的提升，除了自定义“Scan Templates”中的相关参数之外，您还可以从其他方面进行一些操作来提高扫描性能和效率。

序言安全需求安全方案敏感数据加密传输认证鉴权数据完整性和一致性证书的基本原理单向证书双向证书gRPC安全机制

曝光一下最近折腾的小玩意

Xcheck java安全检查引擎介绍与CVE-2014-3582 检测。

In our previous blogs, first where we explained JavaScript Obfuscation techniques and introduced a detailed overview on how JavaScript is being used to obfuscate page content to make phishing attacks and other web scams as evasive as possible; followed by one where we took a deep dive to examine double JavaScript obfuscation techniques, presenting a tale of an obfuscated scam seen in the wild and showing how the same phishing campaign is using numerous obfuscation techniques in an attempt to remain hidden.

那个曾经的勇者，在得到了市场的垄断后也终将变成恶龙？

I recently joined the Sales Development APAC team, looking after the Vietnam, Thailand and Hong Kong markets. I'd already had a great impression of Akamai's culture from my interview rounds. But how would the onboarding work? I'd been looking forward to meeting new colleagues in an office environment. I wanted to feel part of a new team; that sense of collaboration you get from personal interaction. Instead, I only got to meet our IT guy outside the office who presented me with my MacBook Pro.